aes_encrypt
Returns an encrypted value of input using AES in given mode with the specified padding. Key lengths of 16, 24 and 32 bits are supported. Supported combinations of (mode, padding) are (ECB, PKCS), (GCM, NONE) and (CBC, PKCS). Optional initialization vectors (IVs) are only supported for CBC and GCM modes. These must be 16 bytes for CBC and 12 bytes for GCM. If not provided, a random vector will be generated and prepended to the output. Optional additional authenticated data (AAD) is only supported for GCM. If provided for encryption, the identical AAD value must be provided for decryption. The default mode is GCM.
Syntax
from pyspark.sql import functions as sf
sf.aes_encrypt(input, key, mode=None, padding=None, iv=None, aad=None)
Parameters
Parameter | Type | Description |
|---|---|---|
|
| The binary value to encrypt. |
|
| The passphrase to use to encrypt the data. |
|
| Specifies which block cipher mode should be used to encrypt messages. Valid modes: ECB, GCM, CBC. |
|
| Specifies how to pad messages whose length is not a multiple of the block size. Valid values: PKCS, NONE, DEFAULT. The DEFAULT padding means PKCS for ECB, NONE for GCM and PKCS for CBC. |
|
| Optional initialization vector. Only supported for CBC and GCM modes. Valid values: None or "". 16-byte array for CBC mode. 12-byte array for GCM mode. |
|
| Optional additional authenticated data. Only supported for GCM mode. This can be any free-form input and must be provided for both encryption and decryption. |
Returns
pyspark.sql.Column: A new column that contains an encrypted value.
Examples
Example 1: Encrypt data with key, mode, padding, iv and aad
from pyspark.sql import functions as sf
df = spark.createDataFrame([(
"Spark", "abcdefghijklmnop12345678ABCDEFGH", "GCM", "DEFAULT",
"000000000000000000000000", "This is an AAD mixed into the input",)],
["input", "key", "mode", "padding", "iv", "aad"]
)
df.select(sf.base64(sf.aes_encrypt(
df.input, df.key, "mode", df.padding, sf.to_binary(df.iv, sf.lit("hex")), df.aad)
)).show(truncate=False)
+-----------------------------------------------------------------------+
|base64(aes_encrypt(input, key, mode, padding, to_binary(iv, hex), aad))|
+-----------------------------------------------------------------------+
|AAAAAAAAAAAAAAAAQiYi+sTLm7KD9UcZ2nlRdYDe/PX4 |
+-----------------------------------------------------------------------+
Example 2: Encrypt data with key, mode, padding and iv
from pyspark.sql import functions as sf
df = spark.createDataFrame([(
"Spark", "abcdefghijklmnop12345678ABCDEFGH", "GCM", "DEFAULT",
"000000000000000000000000", "This is an AAD mixed into the input",)],
["input", "key", "mode", "padding", "iv", "aad"]
)
df.select(sf.base64(sf.aes_encrypt(
df.input, df.key, "mode", df.padding, sf.to_binary(df.iv, sf.lit("hex")))
)).show(truncate=False)
+--------------------------------------------------------------------+
|base64(aes_encrypt(input, key, mode, padding, to_binary(iv, hex), ))|
+--------------------------------------------------------------------+
|AAAAAAAAAAAAAAAAQiYi+sRNYDAOTjdSEcYBFsAWPL1f |
+--------------------------------------------------------------------+
Example 3: Encrypt data with key, mode and padding
from pyspark.sql import functions as sf
df = spark.createDataFrame([(
"Spark SQL", "1234567890abcdef", "ECB", "PKCS",)],
["input", "key", "mode", "padding"]
)
df.select(sf.aes_decrypt(sf.aes_encrypt(df.input, df.key, "mode", df.padding),
df.key, df.mode, df.padding
).cast("STRING")).show(truncate=False)
+---------------------------------------------------------------------------------------------+
|CAST(aes_decrypt(aes_encrypt(input, key, mode, padding, , ), key, mode, padding, ) AS STRING)|
+---------------------------------------------------------------------------------------------+
|Spark SQL |
+---------------------------------------------------------------------------------------------+
Example 4: Encrypt data with key and mode
from pyspark.sql import functions as sf
df = spark.createDataFrame([(
"Spark SQL", "0000111122223333", "ECB",)],
["input", "key", "mode"]
)
df.select(sf.aes_decrypt(sf.aes_encrypt(df.input, df.key, "mode"),
df.key, df.mode
).cast("STRING")).show(truncate=False)
+---------------------------------------------------------------------------------------------+
|CAST(aes_decrypt(aes_encrypt(input, key, mode, DEFAULT, , ), key, mode, DEFAULT, ) AS STRING)|
+---------------------------------------------------------------------------------------------+
|Spark SQL |
+---------------------------------------------------------------------------------------------+
Example 5: Encrypt data with key
from pyspark.sql import functions as sf
df = spark.createDataFrame([(
"Spark SQL", "abcdefghijklmnop",)],
["input", "key"]
)
df.select(sf.aes_decrypt(
sf.unbase64(sf.base64(sf.aes_encrypt(df.input, df.key))), df.key
).cast("STRING")).show(truncate=False)
+-------------------------------------------------------------------------------------------------------------+
|CAST(aes_decrypt(unbase64(base64(aes_encrypt(input, key, GCM, DEFAULT, , ))), key, GCM, DEFAULT, ) AS STRING)|
+-------------------------------------------------------------------------------------------------------------+
|Spark SQL |
+-------------------------------------------------------------------------------------------------------------+